Heartbleed

A bug in the widely used OpenSSL Internet security protocol that was discovered on April 1, 2014. Heartbleed enabled a large amount of memory (RAM) to be accessed, which could disclose passwords and private keys. Although a patch was forthcoming in a matter of days, more than a half million Web servers were vulnerable until the patch was applied. See OpenSSL, SSL and TLS.

"At any given time, we should expect for one per cent of high-urgency vulnerabilities to be actively exploited while 56 percent of all OpenSSL versions are still vulnerable to Heartbleed," Dabboussi continued.

"Given that the flaw has been around for more than ten years, almost all Linux and Unix machines running will be vulnerable and this could have a bigger impact than Heartbleed which we saw earlier this year," said Wolfgang Kandek, chief technical officer for Qualys, Inc.

Unlike Heartbleed, which was quite hard to exploit properly, Shellshock can be exploited with just a couple of lines of code, giving just about anyone the ability to run arbitrary code on an affected computer.
